At CCS'11 a new chosen-ciphertext attack on XML Encryption has been presented. This attack is of high relevance, since it allows one to decrypt arbitrary encrypted XML payload by issuing 14 server requests per byte on average. In this paper we discuss several countermeasures against this attack, which have been considered by different framework developers for different scenarios. We analyze the scenarios and show why these countermeasures do not work. Thereby, we motivate for the application of authenticated encryption in the XML Encryption specification.
展开▼